On Wed, Jan 02, 2008 at 11:42:20AM -0800, Tom Eastep wrote:
> Andrew Suffield wrote:
> > On Wed, Jan 02, 2008 at 11:04:46AM -0800, Tom Eastep wrote:
> >> Nathan Gibbs wrote:
> >>
> >>> So in short, is there a way to allow connections to a particular port
> >>> from addresses in the blacklist file, while blocking the connections for
> >>> all other ports?
> >> There is no convenient way to do that.
> >
> > Perl foreach (`cat /etc/shorewall/not-so-blacklist`) {shorewall "REJECT
> > all:$_ all tcp 0:79,81:65535"}
> >
> > Or something along those lines.
>
> Which will allow TCP port 80 *and all other protocols*
Yes, you'd also need to explicitly reject those. On the other hand,
you should have a default reject policy for everything but TCP, ICMP
and UDP anyway. I probably forgot some other details. I spent about 30
seconds writing that line, don't deploy it without thinking it over
properly.
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
